User Guide for Cisco Performance Monitor 4.1
Introduction
Downloads: This chapterpdf (PDF - 134.0KB) The complete bookPDF (PDF - 2.54MB) | Feedback

Introduction

Table Of Contents

Introduction

What Is Performance Monitor?

Understanding Basic Concepts

Performance Monitor and FCAPS

Supported Services and Platforms for Monitoring and Reports


Introduction


Performance Monitor is a browser-based tool that monitors and troubleshoots the health and performance of services that contribute to enterprise network security. Supported service types are remote-access VPN, site-to-site VPN, firewall, web server load-balancing, and proxied SSL.


Tip To learn more about important security concepts, technologies, and service types, see Cisco.com.


The following topics provide an overview of Performance Monitor:

What Is Performance Monitor?

Understanding Basic Concepts

Performance Monitor and FCAPS

Supported Services and Platforms for Monitoring and Reports

What Is Performance Monitor?

Performance Monitor is a component of the Cisco Security Management Suite. It enables you to increase service availability by isolating, analyzing, and troubleshooting significant events in your network as they occur. Performance Monitor runs on top of CiscoWorks Common Services, which supplies essential server-side components and manages some functions on behalf of Performance Monitor. For more information, see the Common Services online help.

The following table describes Performance Monitor scalability.

Number of devices—Supports up to 500 devices, including security contexts.

Number of users—Supports up to 5 simultaneous users.

VPN restrictions—We recommend that you monitor only the hubs, not the spokes, in any hub-and-spoke VPNs that you monitor. We recommend that you monitor no more than 5,000 tunnels.

See the following figure to understand the tabs from which you access all features and functions of Performance Monitor.

Figure 1-1 Tabs

1

Summary tab options enable you to:

Display a list of known critical problems (P1 and P2) in your network, or display graphs and charts that summarize the health and performance of any supported service in your network.

Open a dashboard (a compact summary), or open an event browser with no set filters.

Note To understand dashboards and event browsers, see Understanding Basic Concepts.

2

Monitor tab options provide real-time monitoring for supported services on supported devices, such as:

VPN (RAS or site-to-site) and firewall devices and services, including multi-conext (virtual firewalls).

Load-balancing services from content-switching service modules.

SSL proxy services.

For a list of supported devices, see Supported Devices and Software Versions for Cisco Security Manager.

3

Options under the Reports tab enable you to:

Configure, generate, and view reports about usage, throughput, performance, and failures.

Schedule the automatic creation and email distribution of reports.

Display reports for the remote-access VPN sessions of any user or all users.

Review up to a year's worth of report data, in which the data points occur at hourly, daily, weekly, or monthly intervals.

Export report data in CSV, XML, or PDF formats.

4

Devices tab options enable you to:

Import and validate device attributes manually or from a CSV file.

View hardware, software, and network descriptions for devices.

Learn when Performance Monitor most recently updated the tables and graphs under the Monitor tab, and to what extent.

Edit device SNMP settings.

Enable or disable device polling.

Navigate in device groups (system-defined and user-defined) and view their properties.

Create device groups and edit their properties.

Delete user-defined device groups and delete references to specific devices.

5

Admin tab options enable you to configure event management and system parameter settings, review logs, develop customized online help content for your organization, and specify the default page.

Event management options are:

Generate events based on SNMP traps, Syslog data, or crossed thresholds.

Use default or user-configurable thresholds.

Configure notification through email, SNMP traps, and Syslog.

System parameter settings control polling intervals, truncation intervals, and the intervals after which Performance Monitor deletes its records of historical data.


Understanding Basic Concepts

The following table describes basic concepts that you must understand in order to use Performance Monitor successfully.

Table 1-1 Performance Monitor Concepts 

Concept
Description

critical problems

Critical problems are abnormal (P1 or P2) conditions that occur when a system component exceeds a performance threshold or functions improperly. Critical problems can cause network service disruptions and outages.

dashboard

The dashboard is a small browser window in which you isolate summary graphs for one or more supported services. The graphs refresh at an interval that you specify and summarize the performance of as many services as you select. If you select multiple services, the dashboard cycles through them in sequence, displaying graphs for one service at a time every time the dashboard display is refreshed.

You open the dashboard when you click a detach icon (see Figure 3-2 on page 3-5) in a page under the Summary tab.

events

An event is a notification that a managed device or component has an abnormal condition. Multiple events can occur simultaneously on a single monitored device or service module. To display events, you open an event browser.

event browsers

An event browser organizes events into two event classes:

Failure — Shows events in which a monitored component or service failed to operate as expected.

Performance — Shows events in which a monitored component or service exceeded acceptable thresholds.

An event browser enables you to browse events generally or by type and to sort events by criteria that you choose. You can filter events by event class, service type, device type, severity, state, or description, and you can search for an event by its assigned event ID number. You can also accept responsibility for resolving the events that you view.

Each monitored service has its own dedicated event browser. The information in an event browser typically applies only to the service from which you started it. To display events for one service only, you must open the relevant event browser.

Tip To open an event browser that displays unfiltered events of every type for every service, select Summary > Event Browser.

summaries

Summary graphs and tables show the most recent 8 hours of service activity, based on polling that recurs at a configurable interval. Click hyperlinked graphs and table entries to see more detailed information.


Performance Monitor and FCAPS

In an effort to provide a clear focus and strategy for running a network safely and efficiently, the International Organization for Standardization (ISO) developed a network management model known as the FCAPS model. This model identifies five key areas of network management: Fault management, Configuration management, Accounting, Performance management, and Security.

Fault management is concerned with detecting, diagnosing, and correcting network and system faults (outages and degradations). Fault management products typically provide for alert handling and event management functions, and can include the diagnostic tools needed to isolate faults to facilitate corrective or alternative actions.

Configuration management is concerned with the installation, identification, inventory removal, and configuration of hardware (including components such a cards, modules, memory, and software), software, firmware, and services. Configuration management also provides for monitoring and managing the deployment status of a device. The configuration management functional area includes software management, change control, and inventory management.

Accounting management is concerned with tracking the use of resources in a network An example would be the allocation of billing costs for both time and services rendered by a service provider. Accounting management also addresses billing for utilization of communications and computing facilities, as well as tracking user access to networks and the resources accessed by those users. Accounting management systems typically include knowledge of tariff structures.

Performance management is concerned with the measurement and analysis of both short-term and long-term network and system statistics related to utilization, response time, availability, and error rates. Performance management is also used to determine whether there are any outages on a network. Ideally, performance data can be used to prevent future failures by helping network planners identify trends that suggest capacity utilization or other problems before such problems affect users or services. Performance management tools are also used to assist in planning, design, and performance-tuning for improved network and systems efficiency.

Security management is concerned with controlling access to network resources and preventing unauthorized use of or tampering with the network. Security management tools can address user access rights, data privacy, alarms and audit trails of security attacks/breaches, the management of security mechanisms, and password distribution.

The capabilities of the Performance Monitor application are in the fault management and performance management categories as shown in the following table in bold text.

Table 1-2 Organization of the FCAPS Model 

Fault Management
Configuration Management
Accounting Management
Performance Management
Security Management

Handle alarms

System turn-up

Track service usage

Collect data

Control network element (NE) access

Detect trouble

Provisioning

Bill for services

Generate reports

Enable NE functions

Correct trouble

Autodiscovery

Service level agreements

Analyze data

Access logs

Test and acceptance

Backup and restore

Monitor performance

Network recovery

Database handling

Forward alarms

Manage inventory

Filtering


Supported Services and Platforms for Monitoring and Reports

The following table shows which services Performance Monitor can monitor, and issue reports for, on each supported Cisco platform. Additional explanation follows the table.

Table 1-3 Supported Services and Platforms for Monitoring 

Platform
Monitored Service Type
VPN
Firewall
Other
DMVPN
Easy VPN
Remote Access
Site-to-Site
Firewall
Multicontext
Load Balancing
SSL

Adaptive Security Appliances 5500 Series

NA

X

X

X

X

X

NA

NA

Catalyst 6500 Series Switches

Content-switching Services Modules

NA

NA

NA

NA

NA

NA

 

NA

Firewall Services Modules

NA

X

X

X

X

X

NA

NA

SSL Services Modules

NA

NA

NA

NA

NA

NA

NA

X

VPNSMs

X

NA

X

NA

NA

NA

VPN SPAs

X

NA

X

NA

NA

NA

VSPAs

X

NA

X

NA

NA

NA

Cisco IOS Routers

X

X

X

X

X

NA

NA

NA

PIX Firewalls

NA

X

X

X

X

X

NA

NA

VPN 3000 Concentrator Series

NA

X

X

X

NA

NA

NA

NA


When analyzing this table, keep the following in mind:

In this table:

NA describes a service that the specified platform does not provide.

The X character describes a service that Performance Monitor supports on the specified platform.

The em-dash character ( — ) describes a service that Performance Monitor does not monitor on the specified platform.

The following are supported services that vary for specific software or device versions:

PIX OS 7.0 and later support Easy VPN services, but not RAS clustering for Easy VPNs.

PIX OS 7.0 and later support Easy VPN, RAS VPN, site-to-site VPN, and virtual (multicontext) firewall services.

PIX OS 7.0 and later support RAS VPN and site-to-site VPN services in routed single context mode only.

FWSM versions 2.2 and later support virtual (multicontext) firewall services.

FWSM versions 3.1 and later support RAS VPN and site-to-site VPN services in routed single context mode only.

Cisco ASA Software Version 7.0 and later support Easy VPN, RAS VPN, site-to-site VPN, and virtual (multicontext) firewall services.

Performance Monitor neither monitors nor offers reports for the load balancing of Cisco VPN 3000 concentrators or supported ASA appliances that you organize in virtual clusters. The Load Balancing column in this table refers exclusively to the web server load balancing services associated with supported content switching services modules in Catalyst 6500 series switches.